GHSA-v9hf-5j83-6xpp: PyMySQL SQL Injection vulnerability

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.

Critical severity • GitHub Reviewed • Published May 21, 2024 to the GitHub Advisory Database • Updated May 21, 2024

Related news

Red Hat Security Advisory 2024-4245-03

Red Hat Security Advisory 2024-4245-03 - An update for python3 is now available for Red Hat Enterprise Linux 8. Issues addressed include a remote SQL injection vulnerability.

Red Hat Security Advisory 2024-4244-03

Red Hat Security Advisory 2024-4244-03 - An update for python3.11-PyMySQL is now available for Red Hat Enterprise Linux 8. Issues addressed include a remote SQL injection vulnerability.

Ubuntu Security Notice USN-6801-1

Ubuntu Security Notice 6801-1 - It was discovered that PyMySQL incorrectly escaped untrusted JSON input. An attacker could possibly use this issue to perform SQL injection attacks.

Debian Security Advisory 5700-1

Debian Linux Security Advisory 5700-1 - An SQL injection was discovered in pymysql, a pure Python MySQL driver.